CVE-2025-47914
Published: 2025-11-19
Priority P4 · 26 · medium · CVSS 3.1 score 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.47% (37.4th percentile)
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-go.crypto | < golang-go.crypto 1:0.45.0-1 (forky) | golang-go.crypto 1:0.45.0-1 (forky) |
| golang.org | x_crypto | >= 0 < 0.45.0 | 0.45.0 |
| golang.org | x_crypto_golang.org_x_crypto_ssh_agent | < 0.45.0 | 0.45.0 |
| golang | crypto | < 0.45.0 | 0.45.0 |
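CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| osv | | 5.3 | MEDIUM | |
| vendor_debian | | 5.3 | MEDIUM | |
| vendor_redhat | | 5.3 | MEDIUM | |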
GHSA
golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read
ghsa·2025-11-19
CVE-2025-47914 [MEDIUM] CWE-125 golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read
OSV
CVE-2025-47914: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is m
osv·2025-11-19·CVSS 5.3
CVE-2025-47914 [MEDIUM] CVE-2025-47914: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is m
OSV
Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent
osv·2025-11-19
CVE-2025-47914 Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent
OSV
golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read
osv·2025-11-19
CVE-2025-47914 [MEDIUM] golang.org/x/crypto/ssh/agent vulnerable to panic if message is malformed due to out of bounds read
Red Hat
golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages
vendor_redhat·2025-11-19·CVSS 5.3
CVE-2025-47914 [MEDIUM] CWE-125 golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages
A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.
Statement: This vulnerability is rated Moderate for Red Hat products. The golang.org/x/crypto/ssh/agent library, when used in SSH
Debian
CVE-2025-47914: golang-go.crypto - SSH Agent servers do not validate the size of messages when processing new ident...
vendor_debian·2025·CVSS 5.3
CVE-2025-47914 [MEDIUM] CVE-2025-47914: golang-go.crypto - SSH Agent servers do not validate the size of messages when processing new ident...
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 1:0.45.0-1)
sid: resolved (fixed in 1:0.45.0-1)
trixie: open
No detection rules found.
No public exploits indexed.
Published: 2025-11-19